Software runs the world. Everything from IoT, medical devices, the power grid, smart cars, and voting apps has software behind it. Learn from the best of the best on exploiting software vulnerabilities and securing the software that is the foundation of our dynamic world. Join us in the AppSec Sandbox from Tuesday, June 7 through Thursday, June 9. Plus, register today using code 32USBAPPVFD to save $150 off your RSAC 2022 Full Conference Pass. Open to Full Conference and Expo Plus passholders only.

Sandbox Talks

All times are in Pacific Time (GMT -7)

Day 1 - June 07, 2022

Colonial Pipeline - What Happened, What Changed

Lightning talk 09:40 - 10:30 June 07, 2022
Session Code: SBX4-TLT2 Classification: intermediate

Bryson Bort | Founder & CEO, SCYTHE

Tim Weston | Cybersecurity Coordinator, DHS/TSA

Kimberly Denbow | Managing Director, Security & Operations, American Gas Association (AGA)

This session will bring together press, industry, and government to talk about what happened during the Colonial Pipeline breach from multiple perspectives as well as the TSA Cybersecurity Coordinator to discuss what changed, why, and what's next.

macOS Attack Surface Analysis of the Application Sandbox

Track session 10:45 - 11:35 June 07, 2022
Session Code: SBX3-TIL3 Classification: advanced - technical

Shlomi Levin | Co-Founder and CTO, Perception Point

This talk will go through the process of an investigation of a recently published Apple sandbox escape zero-day. The process of uncovering a novel vulnerability is not an easy one; it is tedious and error-prone, requiring various methods and procedures. The talk will go through the various steps, fr...

Spreading Application Security Ownership Across the Entire Organization

Lightning talk 12:15 - 13:05 June 07, 2022
Session Code: SBX2-TLT4 Classification: intermediate - technical

Erez Yalon | Head of Security Research, Checkmarx

Tanya Janca | Founder and CEO, We Hack Purple

Rick Ramgattie | Staff Application Security Engineer, Gemini Trust LLC

Application Security is a group sport. Three experts tackle how AppSec professionals use persuasion and negotiation skills to get buy-in from R&D and management, how QA teams can use off-the-shelf DAST tools to improve testing coverage, and provide practical tools and methodologies aimed at non-spe...

Hacking Electronic Flight Bags

Track session 13:15 - 14:05 June 07, 2022
Session Code: SBX1-TIL5 Classification: general

Ken Munro | CEO, Pen Test Partners Inc.

Electronic Flight Bags are typically tablets used by commercial pilots to compute takeoff power requirements, landing braking distance, safe approaches and much more. Researchers have found and responsibly disclosed various security issues in a number of EFB apps which, if they had not been resolve...

SANS Core NetWars Tournament v7

Capture the flag 13:15 - 15:15 June 07, 2022
Session Code: SBX7-TIL3 Classification: general - technical

Chris Elgee | Builder & Breaker, SANS NetWars Sandbox

Unique and broad-ranging, Core NetWars Tournament is the gold standard for all-in-one cyber range training and assessment for teams and individuals. From some of the most devious yet whimsical minds in the field, Core NetWars Tournament 7 is a trip through an off-kilter technical landscape with comp...

Secure Supply Chain through Automation - with CSAF, VEX and SBOM

Track session 14:25 - 15:15 June 07, 2022
Session Code: SBX6-TIL6 Classification: general - technical

Thomas Schmidt | Subject Matter Expert, Federal Office for Information Security (BSI)

Current cyberthreats make clear that the supply chain needs to be secured. However, that is a complex task. One part is the downstream propagation of vulnerability and remediation related information. This includes not only the topics mitigations and updates but also the question whether a product i...

Red Team ATT&CK: Initial Compromise

Capture the flag 16:45 - 18:00 June 07, 2022
Session Code: SBX3-TIL4 Classification: general

Fabien Guillot | Technical Marketing Manager, Vectra AI

It starts with an assumed compromise. When prevention fails, security teams need to understand the actions taken by attackers in order to stop them. In Red Team ATT&CK: Initial Compromise, attendees will learn the tactics of critical attack vectors, practice how attackers exploit network vulnerab...

Day 2 - June 08, 2022

The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack

Track session 08:30 - 09:20 June 08, 2022
Session Code: SBX2-WIL1 Classification: general - technical

Erez Yalon | Head of Security Research, Checkmarx

Jossef Harush | Director of Engineering, Supply Chain Security, Checkmarx

While commercial supply chain attacks are becoming more manageable, security teams have a much harder time with open-source software supply chains. This session will provide an attacker's perspective of open-source flows and flaws and dive into several unique supply chain weaknesses. Demos will show...

Red Team ATT&CK: Initial Compromise

Capture the flag 09:40 - 11:40 June 08, 2022
Session Code: SBX3-WIL2 Classification: general - technical

Fabien Guillot | Technical Marketing Manager, Vectra AI

It starts with an assumed compromise. When prevention fails, security teams need to understand the actions taken by attackers in order to stop them. In Red Team ATT&CK: Initial Compromise, attendees will learn the tactics of critical attack vectors, practice how attackers exploit network vulnerab...

The Supply Chain is Broken: The Case of BLUEMONDAY & How To Own Everything

Track session 09:40 - 10:30 June 08, 2022
Session Code: SBX5-WIL2 Classification: advanced - technical

Ken Pyle | Partner, Exploit Developer / Graduate Professor of Cybersecurity, CYBIR

This session will outline the multi-vendor exploit series covered in CERT Case #667789 (and possibly others), a series of critical vulnerabilities in critical networking infrastructure. The researchers will demonstrate long lived and undisclosed critical flaws in IoT, how to map the software supply...

Adaptively Fingerprinting Users/Applications at Scale with GPU Acceleration

Track session 10:45 - 11:35 June 08, 2022
Session Code: SBX2-WIL3 Classification: general - technical

Rachel Allen | Senior Data Scientist, Cybersecurity, Nvidia

Gorkem Batmaz | Senior Data Scientist, Cybersecurity, Nvidia

Arjun Chakraborty | Senior Software Engineer, Security Analytics, Nvidia

The massive scale, dimensionality, and heterogeneity of user application data require an adaptive approach to detecting malicious actions. This session will demo Morpheus, an open source framework that supports assembling multiple machine learning models to dynamically fingerprint users based on t...

Cybersupply Chain Security—Powering Resources to Mitigate Risk

Lightning talk 12:15 - 13:05 June 08, 2022
Session Code: SBX6-WLT4 Classification: intermediate

Christine Horwege | Director, Emerging Cyber Practice, CGI Federal

Shari Gribbin | Managing Partner, CNK Solutions

Tony Eddleman | Director, NERC Reliability Compliance, Nebraska Public Power District (NPPD)

Rishita Rai | Senior Product Manager, Expedia Group

Supply chain security risks are rapidly evolving threats and a growing concern within critical infrastructure. This session will bring together industry experts with decades of experience in regulatory, supply chain, risk management, and power operations to discuss practical steps, templates, an...

SANS Core NetWars Tournament v7

Capture the flag 12:15 - 14:15 June 08, 2022
Session Code: SBX7-TIL3 Classification: general - technical

Chris Elgee | Builder & Breaker, SANS NetWars Sandbox

Unique and broad-ranging, Core NetWars Tournament is the gold standard for all-in-one cyber range training and assessment for teams and individuals. From some of the most devious yet whimsical minds in the field, Core NetWars Tournament 7 is a trip through an off-kilter technical landscape with comp...

Cyber-Physical Security Awareness for Developers, Implementors, & Operators

Track session 13:15 - 14:05 June 08, 2022
Session Code: SBX1-WIL5 Classification: general - technical

Steve Scarbrough | Chief Technologist, IntelliGenesis LLC.

This session introduces, demonstrates, and provides an interactive overview of the CybatiWorks exploratory cyber-physical mission station workshop. Participant mission station exercises will cover an introduction to cyber-physical topics of logic, sensors and actuators, OT system architecture, communication protoco...

Use the Force Luke: Harnessing Shodan to Hunt for Threats to ICS Systems

Track session 14:25 - 15:15 June 08, 2022
Session Code: SBX4-WIL6 Classification: intermediate - technical

Dan Gunter | Founder and CEO, Insane Forensics

Paul Mathis | Lead Cybersecurity Analyst, Insane Forensics

Many analysts view Shodan as a tool used by red teamers and penetration testers to identify vulnerable systems. However, Shodan has many features that make it a great tool to keep in the repertoire when conducting threat hunts. This talk will show how Shodan can help enrich data and provide valuable...

Red Team Tools and Tactics - 201

Capture the flag 14:25 - 16:30 June 08, 2022
Session Code: SBX7-WIL3 Classification: intermediate - technical

In Red Team Tools and Tactics 101, attendees will learn the basics of how to manually discover web application flaws without using any tools. RTT&T 201 is the next evolution: how to increase effectiveness by using custom, semi-automated and automated tools, and how to approach a (web) black box....

Tube - A Reverse SOCKS Proxy for Embedded Systems and Offensive Operations

Track session 15:30 - 16:20 June 08, 2022
Session Code: SBX3-WIL7 Classification: intermediate - technical

Evan Anderson | Director of Offensive Security, Randori

How are attackers taking advantage of embedded systems? In this session the presenter will use open-source and embedded devices to bypass firewalls, pivot across network boundaries and gain full access to systems few consider computers. He will demonstrate “tube”, a reverse SOCKS proxy with a built-i...

Day 3 - June 09, 2022

Preparation for OT Incident Response

Track session 09:40 - 10:30 June 09, 2022
Session Code: SBX4-RIL1 Classification: intermediate - technical

Lesley Carhart | Principal Industrial Incident Responder, Dragos Inc

While many industrial firms have a plan in place for how to deal with an incident in their enterprise network, industrial networks are a distinct space with different challenges. Aside from simply requiring a separate incident response plan document, there are several preparatory steps which will gr...

Your Control System is Hacked! Now What?

Capture the flag 09:40 - 10:40 June 09, 2022
Session Code: SBX4-RIL2 Classification: general - technical

Tom VanNorman | Co-founder, ICS Village

The manufacturing facility was running just fine until an unfamiliar message popped up on the screen. It appears both the Enterprise and Process Control Networks are under attack. This tabletop exercise will challenge security teams to find the best approach to respond to this attack. This scenario...

Building a Cloud-Based Pentesting Platform

Track session 13:00 - 13:50 June 09, 2022
Session Code: SBX3-RIL4 Classification: general - technical

Phillip Wylie | Founder, The Pwn School Project

Offensive cybersecurity professionals often require a way to perform external pentesting of Internet-facing targets. Testing externally facing systems is nothing new and has been done over the years using various configurations. In this presentation attendees will learn how to build a c...

Web Application Security CTF: Easy to Exploit, But Hard to Defend

Capture the flag 13:00 - 15:00 June 09, 2022
Session Code: SBX2-RIL4 Classification: intermediate - technical

Edouard Viot | VP Product and Engineering, Rohde & Schwarz Cybersecurity

Louis Deschanel | Technical Cybersecurity Evangelist, Rohde & Schwarz Cybersecurity

Soujanya Ain | Product Marketing Manager, Rohde & Schwarz Cybersecurity

You will learn how to improve your web application security in a fun Jeopardy-style CTF. You need to exploit a website, step by step, allowing full compromise of the server. In parallel, you must help the website administrator resolve the security threats. We will provide you with some helpful hints...

AppSec Pod Activities

Schedule of in-person activities coming soon...

Thanks to our Sponsors

Gold Sponsors

Is your organization passionate about application security and interested in sponsoring?

Read about how to become a sponsor and check out our available sponsorship opportunities.